Network Security Group in Azure
- An NSG (network security group) controls traffic coming into or going out of a Virtual Network (VNet).

- NSG rules are applied at the subnet level and at the network interface level.

- It is not mandatory to apply an NSG at the subnet or interface level.

- If no NSG is applied, all traffic is allowed by default.

- A subnet or a network interface can be attached to only one NSG.

- It is advised to use an NSG at the subnet level if no virtual network appliance is being used.

- It is important to understand the direction of traffic; please see the diagram below.

- When traffic comes inside (inbound) to a VM, the subnet-level NSG is evaluated first, then the interface-level NSG.

- When traffic goes in the outbound direction, the interface-level NSG (ACL) is evaluated first, then the subnet-level NSG.

- By default the following rules are created in every NSG and cannot be deleted.

- NSG rules are processed in priority order: the lower the number, the higher the priority. It is best practice to leave a gap between rules (100, 200, 300, etc.) so that new rules can be added without editing existing rules. Enter a value between 100 and 4096 that is unique among all security rules within the network security group.
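The two evaluation orders and the priority rule above are easy to get wrong when reasoning about whether a packet reaches a VM, so the following added Python simulation (example code written for this page, not Microsoft's or Azure's own implementation) models them: first match in ascending priority order decides, a level with no NSG attached imposes no restriction, inbound traffic is checked subnet-then-NIC, outbound is checked NIC-then-subnet, and custom priorities are validated against the 100-4096 range and for uniqueness. The rule names, CIDRs and the single `DenyAll` stand-in for the non-deletable default rules are constructed sample values; Azure's real default set also contains allow rules for VirtualNetwork and AzureLoadBalancer traffic, which are omitted here.

```python
"""Simulation of Azure NSG rule evaluation (added example, not Azure code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

CUSTOM_PRIORITY_RANGE = range(100, 4097)   # custom rules must use 100-4096


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number = evaluated earlier = higher priority
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # source CIDR or "*"
    dest_port: str     # destination port number or "*"

    def matches(self, protocol: str, src_ip: str, dest_port: int) -> bool:
        if self.protocol != "*" and self.protocol.lower() != protocol.lower():
            return False
        if self.source != "*" and ip_address(src_ip) not in ip_network(self.source):
            return False
        if self.dest_port != "*" and int(self.dest_port) != dest_port:
            return False
        return True


# Constructed stand-in for the non-deletable default rules: they sit above 4096 so
# every custom rule is evaluated before them (simplified; see lead-in).
DEFAULT_RULES = [Rule("DenyAll", 65500, "Deny", "*", "*", "*")]


class NSG:
    def __init__(self, name: str, rules: List[Rule]):
        seen = set()
        for r in rules:
            if r.priority not in CUSTOM_PRIORITY_RANGE:
                raise ValueError(f"{r.name}: priority {r.priority} outside 100-4096")
            if r.priority in seen:
                raise ValueError(f"{r.name}: priority {r.priority} is not unique")
            seen.add(r.priority)
        self.name = name
        # First match in ascending priority order decides; defaults come last.
        self.rules = sorted(rules + DEFAULT_RULES, key=lambda r: r.priority)

    def evaluate(self, protocol: str, src_ip: str, dest_port: int) -> Rule:
        for r in self.rules:
            if r.matches(protocol, src_ip, dest_port):
                return r
        raise AssertionError("unreachable: the DenyAll default matches everything")


def evaluate_path(levels: List[Tuple[str, Optional[NSG]]], protocol: str,
                  src_ip: str, dest_port: int) -> Tuple[bool, List[str]]:
    """Walk the NSG levels in order; traffic passes only if every level allows it.
    A level with no NSG attached (None) does not restrict anything."""
    trace = []
    for level, nsg in levels:
        if nsg is None:
            trace.append(f"{level}:no-nsg")
            continue
        rule = nsg.evaluate(protocol, src_ip, dest_port)
        trace.append(f"{level}:{rule.name}")
        if rule.access == "Deny":
            return False, trace   # first deny ends evaluation
    return True, trace


def inbound_allowed(subnet_nsg, nic_nsg, protocol, src_ip, dest_port):
    # Inbound: subnet-level NSG first, then the interface-level NSG.
    return evaluate_path([("subnet", subnet_nsg), ("nic", nic_nsg)],
                         protocol, src_ip, dest_port)


def outbound_allowed(subnet_nsg, nic_nsg, protocol, src_ip, dest_port):
    # Outbound: interface-level NSG first, then the subnet-level NSG.
    return evaluate_path([("nic", nic_nsg), ("subnet", subnet_nsg)],
                         protocol, src_ip, dest_port)


# Constructed sample NSGs; gaps of 100 leave room to add rules later.
SUBNET_NSG = NSG("subnet-nsg", [
    Rule("AllowSshInternal", 100, "Allow", "Tcp", "10.0.0.0/8", "22"),
    Rule("AllowHttps", 200, "Allow", "Tcp", "*", "443"),
])
NIC_NSG = NSG("nic-nsg", [
    Rule("DenySsh", 100, "Deny", "Tcp", "*", "22"),
    Rule("AllowHttps", 200, "Allow", "Tcp", "*", "443"),
])

if __name__ == "__main__":
    print(inbound_allowed(SUBNET_NSG, NIC_NSG, "Tcp", "10.1.2.3", 22))
    print(inbound_allowed(SUBNET_NSG, NIC_NSG, "Tcp", "203.0.113.9", 443))
    print(inbound_allowed(None, None, "Tcp", "203.0.113.9", 3389))
```

The trace returned alongside the verdict shows which rule at which level decided, which is the piece of information you need when a flow is unexpectedly blocked: in the sample, SSH from 10.1.2.3 passes the subnet NSG but is stopped by the NIC-level deny, while the same flow in the outbound direction is stopped at the NIC level before the subnet NSG is consulted at all.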